apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: "{{ pair_name }}"
  namespace: "{{ _amlen_namespace }}"
  labels:
    app: "{{ app_name }}"
spec:
  replicas: {{ ha.enabled | default(false) | ternary( 2 , 1 ) }}
  selector:
    matchLabels:
      app: "{{ app_name }}"
  strategy:
    type: RollingUpdate
  serviceName: "{{ _amlen_service_name | default(pair_name) }}"
  persistentVolumeClaimRetentionPolicy:
    whenDeleted: Delete
  template:
    metadata:
      labels:
        app: "{{ app_name }}"
        release: "{{ _amlen_release }}"
      annotations:
        kubectl.kubernetes.io/default-container: amlen
    spec:
      topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: topology.kubernetes.io/zone
        whenUnsatisfiable: "{{_amlen_topology_spread_constraints_when_unsatisfiable}}"
        labelSelector: 
          matchLabels:
            app: "{{ app_name }}"
      containers:
      - name: amlen
        image: "{{ _amlen_image_fqn | default ( _amlen_image + ':' + _amlen_image_tag ) }}"
        imagePullPolicy: "{{ _amlen_pull_policy | default('Always') }}"
        ports:
{% for key, value in amlen_messaging_ports.items() %}
        - containerPort: {{ value.internal if value.__class__.__name__ == "dict" else value }}
{% endfor %}
{% for key, value in amlen_ha_ports.items() %}
        - containerPort: {{ value }}
{% endfor %}
{% for key, value in amlen_service_ports.items() %}
        - containerPort: {{ value }}
{% endfor %}
        readinessProbe:
          exec:
            command:
            - python3
            - "{{_amlen_bin_directory }}readiness.py"
          initialDelaySeconds: 30
          timeoutSeconds: 60
          periodSeconds: 20
          successThreshold: 1
          failureThreshold: 3
        livenessProbe:
          exec:
            command:
            - python3
            - "{{_amlen_bin_directory }}liveness.py"
          initialDelaySeconds: 30
          timeoutSeconds: 5 
          periodSeconds: 30
          successThreshold: 1
          failureThreshold: 3
        resources:
          requests:
            cpu: "{{ _amlen_cpu_request }}"
            memory: "{{ _amlen_memory_request}}"
          limits:
            cpu: "{{ _amlen_cpu_limit}}"
            memory: "{{ _amlen_memory_limit }}"
        volumeMounts:
        - name: data
          mountPath: "{{_amlen_directory }}"
        - name: adminpassword
          mountPath: /secrets/admin
        - name: device-certs
          mountPath: /secrets/sslcerts/device
{% if ssl_ca_sources is defined %}
        - name: common-ca-secrets
          mountPath: /secrets/sslcerts/ca
{% endif %}
        - name: ha-certs
          mountPath: /secrets/sslcerts/ha
        env:
        - name: CONTAINER_PASSWORD_CHECK
          value: "true"
        - name: AMLEN_OPERATOR
          value: "true"
{% if _amlen_image_pull_secret is defined %}
      imagePullSecrets:
      - name: "{{_amlen_image_pull_secret}}"
{% endif %}
      volumes:
        - name: adminpassword
          secret: 
            secretName: "{{ pair_name }}-adminpassword"
        - name: device-certs
          secret:
            secretName: "{{device_certs_secret}}"
            optional: {{ not device_certs_required }}
        - name: ha-certs
          secret:
            secretName: "{{ha_certs_secret}}"
            optional: {{ standalone }}
{% if ssl_ca_sources is defined %}
        - name: common-ca-secrets
          projected:
            sources:
{% for key, value in ssl_ca_sources.items() %}
            - secret:
                name: {{value}}
{% endfor %}
{% endif %}
 
{% if _amlen_persistence == "false" %}
        - name: data
          emptyDir: {}
{% else %}
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      storageClassName: {{_amlen_storage_class}}
      resources:
        requests:
          storage: "{{_amlen_volume_size}}"
{% endif %}

  serviceTemplate:
  - metadata:
      name: test_service
    spec:
      cluster: None
    
